Apple denies intentionally compromising iOS security, explains ‘backdoor’ features

[Image: Apple's iOS Backdoor Features. Image source: zdziarski.com]

Following an extensive security report from an iOS forensic and security expert that questioned what some of Apple’s iOS tools mean for user security and privacy (see his questions in the image above), Apple has taken another step to address “backdoor” concerns, in addition to stating that it is not working with anyone to include backdoors in any of its products.

Researcher Jonathan Zdziarski said in his paper that certain tools available in iOS will allow governmental spying agencies and other third parties to remotely control an iOS device and install silent malware that could then be used to spy on an unsuspecting user.

Apple has published a new support document on its website, offering some explanations on how the services described by the security expert are supposed to work.

“Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer,” the company said. “Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.”

According to the company, “com.apple.mobile.pcapd” can support “diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections.”

“com.apple.mobile.file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices,” the company wrote.

Finally, “com.apple.mobile.house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.”

What Apple doesn’t explain is whether these tools can be used for malicious purposes as the researcher described, nor does it say why they weren’t properly disclosed before. In his presentation, Zdziarski said he contacted the company several times on the matter, but Apple chose not to respond to his questions.

The new Apple support document is available at the link below.

Via: MacRumors
Source: Apple